
In mathematics, a finite field or Galois field (so-named in honor of Évariste Galois) is a field that contains a finite number of elements. As with any field, a finite field is a set on which the operations of multiplication, addition, subtraction and division are defined and satisfy certain basic rules. The most common examples of finite fields are given by the integers mod p when p is a prime number.

The number of elements of a finite field is called its order. A finite field of order q exists if and only if the order q is a prime power $p^k$ (where p is a prime number and k is a positive integer). All fields of a given order are isomorphic. In a field of order $p^k$, adding p copies of any element always results in zero; that is, the characteristic of the field is p.

In a finite field of order q, the polynomial $X^q - X$ has all q elements of the finite field as roots. The non-zero elements of a finite field form a multiplicative group. This group is cyclic, so all non-zero elements can be expressed as powers of a single element called a primitive element of the field (in general there will be several primitive elements for a given field).

A field has, by definition, a commutative multiplication operation. A more general algebraic structure that satisfies all the other axioms of a field, but whose multiplication is not required to be commutative, is called a division ring (or sometimes skewfield). According to Wedderburn's little theorem, any finite division ring must be commutative, and hence a finite field. This result shows that the finiteness restriction can have algebraic consequences.

A finite field is a finite set on which the four operations multiplication, addition, subtraction and division (excluding division by zero) are defined, satisfying the rules of arithmetic known as the field axioms. The simplest examples of finite fields are the prime fields: for each prime number p, the field GF(p) (also denoted Z/pZ, $\mathbb{F}_p$, or $F_p$) of order (that is, size) p is easily constructed as the integers modulo p.

The elements of a prime field may be represented by integers in the range 0, ..., p − 1. The sum, the difference and the product are computed by taking the remainder by p of the integer result. The multiplicative inverse of an element may be computed by using the extended Euclidean algorithm (see Extended Euclidean algorithm § Modular integers).

Let F be a finite field. For any element x in F and any integer n, let us denote by n⋅x the sum of n copies of x. The least positive n such that n⋅1 = 0 must exist and is prime; it is called the characteristic of the field.

If the characteristic of F is p, one can multiply an element k of GF(p) by an element x of F, $(k, x) \mapsto k \cdot x$, by choosing an integer representative for k. This multiplication makes F into a GF(p)-vector space. It follows that the number of elements of F is $p^n$ for some integer n.

For every prime number p and every positive integer n, there are finite fields of order $p^n$, and all fields of this order are isomorphic (see § Existence and uniqueness below). One may therefore identify all fields of order $p^n$, which are therefore unambiguously denoted $\mathbb{F}_{p^n}$, $F_{p^n}$ or GF($p^n$), where the letters GF stand for "Galois field".[1]

is true (for every x and y) in a field of characteristic p. (This follows from the fact that all, except the first and the last, binomial coefficients of the expansion of $(x + y)^p$ are multiples of p.)

For every element x in the prime field GF(p), one has $x^p = x$. (This is an immediate consequence of Fermat's little theorem, and this may be easily proved as follows: the equality is trivially true for x = 0 and x = 1; one obtains the result for the other elements of GF(p) by applying the above identity to x and 1, where x successively takes the values 1, 2, ..., p − 1 modulo p.) This implies the equality

for polynomials over GF(p). More generally, every element in GF($p^n$) satisfies the polynomial equation $x^{p^n} - x = 0$.

Any finite field extension of a finite field is separable and simple. That is, if E is a finite field and F is a subfield of E, then E is obtained from F by adjoining a single element whose minimal polynomial is separable. In technical terms, finite fields are perfect.

over the prime field GF(p). This means that F is a finite field of lowest order, in which P has q distinct roots (the roots are distinct, as the formal derivative of P is equal to −1). The above identity shows that the sum and the product of two roots of P are roots of P, as well as the multiplicative inverse of a root of P. In other words, the roots of P form a field of order q, which is equal to F by the minimality of the splitting field.

The uniqueness up to isomorphism of splitting fields implies thus that all fields of order q are isomorphic.

In summary, we have the following classification theorem first proved in 1893 by E. H. Moore:[2]

The order of a finite field is a prime power. For every prime power q there are fields of order q, and they are all isomorphic. In these fields, every element satisfies

$$x^q = x,$$

and the polynomial $X^q - X$ factors as

$$X^q - X = \prod_{a \in F} (X - a).$$

It follows that GF($p^n$) contains a subfield isomorphic to GF($p^m$) if and only if m is a divisor of n; in that case, this subfield is unique. In fact, the polynomial $X^{p^m} - X$ divides $X^{p^n} - X$ if and only if m is a divisor of n.

Given a prime power $q = p^n$ with p prime and n > 1, the field GF(q) may be explicitly constructed in the following way. One chooses first an irreducible polynomial P in GF(p)[X] of degree n (such an irreducible polynomial always exists). Then the quotient ring

$$\mathrm{GF}(q) = \mathrm{GF}(p)[X]/(P)$$

of the polynomial ring GF(p)[X] by the ideal generated by P is a field of order q.

More explicitly, the elements of GF(q) are the polynomials over GF(p) whose degree is strictly less than n. The addition and the subtraction are those of polynomials over GF(p). The product of two elements is the remainder of the Euclidean division by P of the product in GF(p)[X]. The multiplicative inverse of a non-zero element may be computed with the extended Euclidean algorithm; see Extended Euclidean algorithm § Simple algebraic field extensions.

Except in the construction of GF(4), there are several possible choices for P, which produce isomorphic results. To simplify the Euclidean division, for P one commonly chooses polynomials of the form

$$X^n + aX + b,$$

which make the needed Euclidean divisions very efficient. However, for some fields, typically in characteristic 2, irreducible polynomials of the form $X^n + aX + b$ may not exist. In characteristic 2, if the polynomial $X^n + X + 1$ is reducible, it is recommended to choose $X^n + X^k + 1$ with the lowest possible k that makes the polynomial irreducible. If all these trinomials are reducible, one chooses "pentanomials" $X^n + X^a + X^b + X^c + 1$, as polynomials of degree greater than 1, with an even number of terms, are never irreducible in characteristic 2, having 1 as a root.[3]
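The selection rule just described for characteristic 2, as an added example that is not part of the original article. Polynomials over GF(2) are stored as integer bitmasks; the function names and the search order among pentanomials are assumptions made for this sketch.

```python
def deg(a):
    return a.bit_length() - 1            # degree of a bitmask polynomial; deg(0) = -1

def pmod(a, m):
    """Remainder of a by m in GF(2)[X]; bit i of an int is the coefficient of X^i."""
    while deg(a) >= deg(m):
        a ^= m << (deg(a) - deg(m))      # subtraction is XOR in characteristic 2
    return a

def pmulmod(a, b, m):
    """Product of a and b in GF(2)[X]/(m)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = pmod(a << 1, m), b >> 1
    return pmod(r, m)

def pgcd(a, b):
    while b:
        a, b = b, pmod(a, b)
    return a

def is_irreducible(P):
    """P of degree n >= 1 is irreducible iff it shares no factor with
    X^(2^i) - X for 1 <= i <= n/2; each of these is the product of all
    irreducible polynomials over GF(2) whose degree divides i."""
    x = pmod(0b10, P)
    t = x
    for _ in range(deg(P) // 2):
        t = pmulmod(t, t, P)             # t = X^(2^i) mod P
        if pgcd(P, t ^ x) != 1:
            return False
    return True

def choose_modulus(n):
    """Lowest-k irreducible trinomial X^n + X^k + 1, else a pentanomial."""
    top = (1 << n) | 1
    for k in range(1, n):
        if is_irreducible(top | (1 << k)):
            return top | (1 << k)
    # Assumed search order for pentanomials: smallest a, then b, then c.
    for a in range(3, n):
        for b in range(2, a):
            for c in range(1, b):
                P = top | (1 << a) | (1 << b) | (1 << c)
                if is_irreducible(P):
                    return P
    raise ValueError("no irreducible trinomial or pentanomial found")

if __name__ == "__main__":
    for n in (4, 5, 6, 8):               # n = 8 has no irreducible trinomial
        print(n, bin(choose_modulus(n)))
```

For n = 8 every trinomial is reducible and the search falls through to the pentanomial $X^8 + X^4 + X^3 + X + 1$, the modulus AES uses for its byte arithmetic.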

In the next sections, we will show how this general construction method works for small finite fields.

If one denotes by $a$ a root of this polynomial in GF(4), the tables of the operations in GF(4) are the following. There is no table for subtraction, as, in every field of characteristic 2, subtraction is identical to addition. In the third table, for the division of x by y, x must be read on the left, and y on the top.

For applying the above general construction of finite fields in the case of GF($p^2$), one has to find an irreducible polynomial of degree 2. For p = 2, this has been done in the preceding section. If p is an odd prime, there are always irreducible polynomials of the form $X^2 - r$, with r in GF(p).

More precisely, the polynomial $X^2 - r$ is irreducible over GF(p) if and only if r is a quadratic non-residue modulo p (this is almost the definition of a quadratic non-residue). There are $\frac{p-1}{2}$ quadratic non-residues modulo p. For example, 2 is a quadratic non-residue for p = 3, 5, 11, 13, ..., and 3 is a quadratic non-residue for p = 5, 7, 17, .... If p ≡ 3 mod 4, that is p = 3, 7, 11, 19, ..., one may choose −1 ≡ p − 1 as a quadratic non-residue, which allows us to have a very simple irreducible polynomial $X^2 + 1$.

Having chosen a quadratic non-residue r, let α be a symbolic square root of r, that is a symbol which has the property $\alpha^2 = r$, in the same way as the complex number i is a symbolic square root of −1. Then, the elements of GF($p^2$) are all the linear expressions

$$a + b\alpha,$$

with a and b in GF(p). The operations on GF($p^2$) are defined as follows (the operations between elements of GF(p) represented by Latin letters are the operations in GF(p)):

is irreducible over GF(2) and GF(3), that is, it is irreducible modulo 2 and 3 (to show this it suffices to show that it has no root in GF(2) nor in GF(3)). It follows that the elements of GF(8) and GF(27) may be represented by expressions

$$a + b\alpha + c\alpha^2,$$

where a, b, c are elements of GF(2) or GF(3) (respectively), and α is a symbol such that

$$\alpha^3 = \alpha + 1.$$

The addition, additive inverse and multiplication on GF(8) and GF(27) may thus be defined as follows; in the following formulas, the operations between elements of GF(2) or GF(3), represented by Latin letters, are the operations in GF(2) or GF(3), respectively:

is irreducible over GF(2), that is, it is irreducible modulo 2. It follows that the elements of GF(16) may be represented by expressions

$$a + b\alpha + c\alpha^2 + d\alpha^3,$$

where a, b, c, d are either 0 or 1 (elements of GF(2)), and α is a symbol such that

$$\alpha^4 = \alpha + 1.$$

As the characteristic of GF(2) is 2, each element is its additive inverse in GF(16). The addition and multiplication on GF(16) may be defined as follows; in the following formulas, the operations between elements of GF(2), represented by Latin letters, are the operations in GF(2).

The set of non-zero elements in GF(q) is an abelian group under multiplication, of order q − 1. By Lagrange's theorem, there exists a divisor k of q − 1 such that $x^k = 1$ for every non-zero x in GF(q). As the equation $X^k = 1$ has at most k solutions in any field, q − 1 is the lowest possible value for k. The structure theorem of finite abelian groups implies that this multiplicative group is cyclic, that is, all non-zero elements are powers of a single element. In summary:

The multiplicative group of the non-zero elements in GF(q) is cyclic, and there exists an element a such that the q − 1 non-zero elements of GF(q) are $a, a^2, \ldots, a^{q-2}, a^{q-1} = 1$.

When the nonzero elements of GF(q) are represented by their discrete logarithms, multiplication and division are easy, as they reduce to addition and subtraction modulo q − 1. However, addition amounts to computing the discrete logarithm of $a^m + a^n$. The identity

$$a^m + a^n = a^n(a^{m-n} + 1)$$

allows one to solve this problem by constructing the table of the discrete logarithms of $a^n + 1$, called Zech's logarithms, for n = 0, ..., q − 2 (it is convenient to define the discrete logarithm of zero as being −∞).

Zech's logarithms are useful for large computations, such as linear algebra over medium-sized fields, that is, fields that are sufficiently large for making natural algorithms inefficient, but not too large, as one has to pre-compute a table of the same size as the order of the field.
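Zech's logarithms worked through for GF(16) with $\alpha^4 = \alpha + 1$, as an added example that is not part of the original article. Elements are 4-bit masks, `None` stands for the logarithm −∞ of zero, and all function and table names are chosen for this sketch.

```python
Q = 16                  # field order: GF(16)
MOD = 0b10011           # X^4 + X + 1, i.e. alpha^4 = alpha + 1 (bit i = coeff of alpha^i)

def build_tables():
    """Return (exp, log, zech): exp[n] = alpha^n as a 4-bit mask, log is its
    inverse, zech[n] = log(alpha^n + 1), with None standing for log(0) = -inf."""
    exp, log, v = [], {}, 1
    for n in range(Q - 1):
        exp.append(v)
        log[v] = n
        v <<= 1                      # multiply by alpha ...
        if v & Q:
            v ^= MOD                 # ... and reduce with alpha^4 = alpha + 1
    zech = [log.get(e ^ 1) for e in exp]   # adding 1 flips the constant coefficient
    return exp, log, zech

EXP, LOG, ZECH = build_tables()

def mul_log(m, n):
    """Multiply two elements given by their discrete logarithms."""
    return None if None in (m, n) else (m + n) % (Q - 1)

def add_log(m, n):
    """Add two elements given by their discrete logarithms, using
    a^m + a^n = a^n (a^(m-n) + 1) and one Zech table lookup."""
    if m is None:
        return n
    if n is None:
        return m
    z = ZECH[(m - n) % (Q - 1)]
    return None if z is None else (n + z) % (Q - 1)

def to_elem(l):
    """Convert a discrete logarithm back to its 4-bit element."""
    return 0 if l is None else EXP[l]

if __name__ == "__main__":
    print("Zech table:", ZECH)
    # alpha^4 + alpha^1 should equal 1 = alpha^0, because alpha^4 = alpha + 1
    print("log(alpha^4 + alpha) =", add_log(4, 1))
```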

Every nonzero element of a finite field is a root of unity, as $x^{q-1} = 1$ for every nonzero element of GF(q).

If n is a positive integer, an nth primitive root of unity is a solution of the equation $x^n = 1$ that is not a solution of the equation $x^m = 1$ for any positive integer m < n. If a is an nth primitive root of unity in a field F, then F contains all the n roots of unity, which are $1, a, a^2, \ldots, a^{n-1}$.

The field GF(q) contains an nth primitive root of unity if and only if n is a divisor of q − 1; if n is a divisor of q − 1, then the number of primitive nth roots of unity in GF(q) is φ(n) (Euler's totient function). The number of nth roots of unity in GF(q) is gcd(n, q − 1).

In a field of characteristic p, every (np)th root of unity is also an nth root of unity. It follows that primitive (np)th roots of unity never exist in a field of characteristic p.

On the other hand, if n is coprime to p, the roots of the nth cyclotomic polynomial are distinct in every field of characteristic p, as this polynomial is a divisor of $X^n - 1$, which has 1 as formal derivative. It follows that the nth cyclotomic polynomial factors over GF(p) into distinct irreducible polynomials that have all the same degree, say d, and that GF($p^d$) is the smallest field of characteristic p that contains the nth primitive roots of unity.

The field GF(64) has several interesting properties that smaller fields do not share: it has two subfields such that neither is contained in the other; not all generators (elements with minimal polynomial of degree 6 over GF(2)) are primitive elements; and the primitive elements are not all conjugate under the Galois group.

The order of this field being $2^6$, and the divisors of 6 being 1, 2, 3, 6, the subfields of GF(64) are GF(2), GF($2^2$) = GF(4), GF($2^3$) = GF(8), and GF(64) itself. As 2 and 3 are coprime, the intersection of GF(4) and GF(8) in GF(64) is the prime field GF(2).

The union of GF(4) and GF(8) has thus 10 elements. The remaining 54 elements of GF(64) generate GF(64) in the sense that no other subfield contains any of them. It follows that they are roots of irreducible polynomials of degree 6 over GF(2). This implies that, over GF(2), there are exactly 9 = 54/6 irreducible monic polynomials of degree 6. This may be verified by factoring $X^{64} - X$ over GF(2).

The elements of GF(64) are primitive nth roots of unity for some n dividing 63. As the 3rd and the 7th roots of unity belong to GF(4) and GF(8), respectively, the 54 generators are primitive nth roots of unity for some n in {9, 21, 63}. Euler's totient function shows that there are 6 primitive 9th roots of unity, 12 primitive 21st roots of unity, and 36 primitive 63rd roots of unity. Summing these numbers, one finds again 54 elements.

They split into 6 orbits of 6 elements under the action of the Galois group.

This shows that the best choice to construct GF(64) is to define it as GF(2)[X]/($X^6 + X + 1$). In fact, this generator is a primitive element, and this polynomial is the irreducible polynomial that produces the easiest Euclidean division.
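The counts stated above for GF(64) can be reproduced by grouping the exponents of a primitive element into orbits under the Frobenius map k ↦ 2k mod 63 and multiplying out each orbit's minimal polynomial. This is an added example, not part of the original article; the function names are chosen for this sketch.

```python
from math import gcd

MOD, N = 0b1000011, 63          # X^6 + X + 1, and q - 1 for q = 64

def exp_log():
    """Powers of alpha (a root of MOD) as 6-bit masks, plus discrete logs."""
    exp, v = [], 1
    for _ in range(N):
        exp.append(v)
        v <<= 1
        if v & 64:
            v ^= MOD
    return exp, {e: i for i, e in enumerate(exp)}

EXP, LOG = exp_log()            # 63 distinct logs means alpha is primitive

def mul(a, b):
    return 0 if 0 in (a, b) else EXP[(LOG[a] + LOG[b]) % N]

def min_poly(k):
    """Minimal polynomial over GF(2) of alpha^k, as (bitmask, degree):
    the product of (X - c) over the conjugates c = alpha^(k * 2^i)."""
    orbit, j = [], k
    while j not in orbit:
        orbit.append(j)
        j = 2 * j % N
    poly = [1]                       # GF(64) coefficients, lowest degree first
    for j in orbit:
        nxt = [0] * (len(poly) + 1)
        for i, c in enumerate(poly):
            nxt[i + 1] ^= c          # c * X^i times X
            nxt[i] ^= mul(c, EXP[j]) # c * X^i times the root (minus is plus here)
        poly = nxt
    # The product has coefficients in GF(2), so each entry is 0 or 1.
    return sum(c << i for i, c in enumerate(poly)), len(orbit)

def survey():
    gens = [k for k in range(N) if min_poly(k)[1] == 6]
    prim = [k for k in gens if gcd(k, N) == 1]
    return {
        "generators": len(gens),
        "primitive": len(prim),
        "irreducible_deg6": sorted({min_poly(k)[0] for k in gens}),
        "primitive_orbits": len({min_poly(k)[0] for k in prim}),
    }

if __name__ == "__main__":
    s = survey()
    print(s["generators"], s["primitive"], s["primitive_orbits"])
    print([bin(p) for p in s["irreducible_deg6"]])
```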

If F is a finite field, a non-constant monic polynomial with coefficients in F is irreducible over F, if it is not the product of two non-constant monic polynomials, with coefficients in F.

As every polynomial ring over a field is a unique factorization domain, every monic polynomial over a finite field may be factored in a unique way (up to the order of the factors) into a product of irreducible monic polynomials.

There are efficient algorithms for testing polynomial irreducibility and factoring polynomials over finite fields. They are a key step for factoring polynomials over the integers or the rational numbers. At least for this reason, every computer algebra system has functions for factoring polynomials over finite fields, or, at least, over finite prime fields.

factors into linear factors over a field of order q. More precisely, this polynomial is the product of all monic polynomials of degree one over a field of order q.

This implies that, if $q = p^n$, then $X^q - X$ is the product of all monic irreducible polynomials over GF(p) whose degree divides n. In fact, if P is an irreducible factor over GF(p) of $X^q - X$, its degree divides n, as its splitting field is contained in GF($p^n$). Conversely, if P is an irreducible monic polynomial over GF(p) of degree d dividing n, it defines a field extension of degree d, which is contained in GF($p^n$), and all roots of P belong to GF($p^n$), and are roots of $X^q - X$; thus P divides $X^q - X$. As $X^q - X$ does not have any multiple factor, it is thus the product of all the irreducible monic polynomials that divide it.

This property is used to compute the product of the irreducible factors of each degree of polynomials over GF(p); see Distinct degree factorization.

Number of monic irreducible polynomials of a given degree over a finite field

The number N(q, n) of monic irreducible polynomials of degree n over GF(q) is given by[4]

Similarly, many theoretical problems in number theory can be solved by considering their reductions modulo some or all prime numbers. See, for example, Hasse principle. Many recent developments of algebraic geometry were motivated by the need to enlarge the power of these modular methods. Wiles' proof of Fermat's Last Theorem is an example of a deep result involving many mathematical tools, including finite fields.

with inclusion, is an infinite field. It is the algebraic closure of all the fields in the system, and is denoted by $\overline{\mathbf{F}_p}$.

The inclusions commute with the Frobenius map, as it is defined the same way on each field ($x \mapsto x^p$), so the Frobenius map defines an automorphism of $\overline{\mathbf{F}_p}$, which carries all subfields back to themselves. In fact $\mathbf{F}_{p^n}$ can be recovered as the fixed points of the nth iterate of the Frobenius map.

However, unlike the case of finite fields, the Frobenius automorphism on $\overline{\mathbf{F}_p}$ has infinite order, and it does not generate the full group of automorphisms of this field. That is, there are automorphisms of $\overline{\mathbf{F}_p}$ which are not a power of the Frobenius map. However, the group generated by the Frobenius map is a dense subgroup of the automorphism group in the Krull topology. Algebraically, this corresponds to the additive group Z being dense in the profinite integers (direct product of the p-adic integers over all primes p, with the product topology).

If we actually construct our finite fields in such a fashion that $\mathbf{F}_{p^n}$ is contained in $\mathbf{F}_{p^m}$ whenever n divides m, then this direct limit can be constructed as the union of all these fields. Even if we do not construct our fields this way, we can still speak of the algebraic closure, but some more delicacy is required in its construction.